Re: [mosquitto-dev] odd TLS errors [SOLVED]
Hi Greg,
Thanks for the update, I bet that was frustrating to find. Good to
hear you've got it sorted though.
Cheers,
Roger
On Wed, 12 May 2021 at 17:20, Greg Troxel <gdt@xxxxxxxxxx> wrote:
>
>
> Greg Troxel <gdt@xxxxxxxxxx> writes:
>
> > I am seeing strange SSL errors on connections from a nodemcu sensor:
> >
> > 1620579609: OpenSSL Error[0]: error:1409441B:SSL routines:ssl3_read_bytes:tlsv1 alert decrypt error
>
> What was going on was:
>
> I had a letsencrypt renewal, and now they are providing two chain
> certificates. One is from Identrust to the letsencrypt root, and the
> next from the letsencrypt root to the letsencrypt R3, which signs the
> end entity cert. That way if you trust the letsencrypt root, as
> up-to-date systems do, you can validate from that, and if you don't
> and the identrust one isn't expired yet, you can validate from that.
>
> The combination of 3 certs was kind of big, about 5.5K in the pem
> file.
>
> nodemcu's TLS implementation is documented to only work if the server
> response fits in a 4K buffer.
>
> [I changed the chain to be just the identrust to R3, as was in the
> previous cert 9 weeks ago. I will try just letsencrypt next.]
>
> Now my nodemcu device works. Obviously it was crashing and
> restarting, and OpenSSL was getting EOF from the reset on next boot
> and failing on that. The only maybe bug in openssl is printing the
> wrong error; it probably should have been "peer closed connection
> during negotiation".
>
> My advice to check if your IOT devices are still working stands.
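
Added example, not from the thread or the mosquitto project: a pre-deployment check for the failure mode described above, estimating the TLS 1.2 Certificate handshake message for a PEM chain and comparing it with a client buffer limit. The 4096-byte limit (taking the 4K figure literally), the filler certificate sizes and all function names are assumptions; the result is a lower bound because the rest of the server's handshake flight is not counted.

```python
import base64
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def der_sizes(pem_text):
    """DER length in bytes of each certificate in a PEM bundle, in file order."""
    return [len(base64.b64decode("".join(body.split())))
            for body in PEM_RE.findall(pem_text)]

def certificate_msg_size(sizes):
    """TLS 1.2 Certificate message size: 4-byte handshake header, 3-byte
    list length, then a 3-byte length prefix per DER certificate."""
    return 4 + 3 + sum(3 + n for n in sizes)

def check_chain(pem_text, limit=4096):
    """Compare the chain's on-the-wire size with an assumed client buffer."""
    sizes = der_sizes(pem_text)
    total = certificate_msg_size(sizes)
    return {"certs": len(sizes),
            "pem_bytes": len(pem_text.encode()),
            "certificate_msg": total,
            "fits": total <= limit}

def fake_pem(n):
    """Constructed stand-in: n filler bytes wrapped as PEM, not a real cert."""
    b64 = base64.b64encode(bytes(n)).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return ("-----BEGIN CERTIFICATE-----\n" + "\n".join(lines)
            + "\n-----END CERTIFICATE-----\n")

# Constructed sizes standing in for end-entity, intermediate and cross-sign.
LEAF, INTERMEDIATE, CROSS_SIGN = fake_pem(1400), fake_pem(1300), fake_pem(1500)
FULL_CHAIN = LEAF + INTERMEDIATE + CROSS_SIGN   # three certificates
SHORT_CHAIN = LEAF + INTERMEDIATE               # trimmed to two

if __name__ == "__main__":
    for name, pem in (("full", FULL_CHAIN), ("short", SHORT_CHAIN)):
        print(name, check_chain(pem))
```

To check a real deployment, pass the contents of the chain file the broker serves to `check_chain` in place of the constructed bundles.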